
The Rise of Stealthy Mobile Malware: Beware of “Snakes in Airplane Mode”


“Snakes in Airplane Mode” – What if Your Phone Says It’s Offline But Isn’t?


In a recent paper entitled “Fake Airplane Mode: A mobile tampering technique to maintain connectivity,” researchers at Apple device management company Jamf discovered a concerning method that allows attackers to deceive iPhone users into thinking their device is offline when it is not. This “fake airplane” mode attack does not involve stealing private data or exfiltrating information, but rather tricks users by displaying visual clues that imply the device is disconnected from the internet.

The good news is that this technique cannot be triggered remotely through malicious websites; attackers need to first implant rogue software onto the iPhone to execute the attack. However, the concern arises from the possibility that scammers, confidence tricksters, and spyware peddlers may find a way to hide this deceitful technique in seemingly harmless apps on the App Store, bypassing Apple’s verification process.

What You See is Not Necessarily What You Get

When users enter airplane mode, they expect their device to be completely cut off from the internet. To verify this, most users would typically swipe up from the home screen to access the Control Center and tap on the airplane icon. This action turns the airplane icon orange and grays out the mobile, wireless, and Bluetooth icons. Opening or refreshing a web page when in airplane mode usually produces a notification that explicitly tells users to turn off airplane mode or use Wi-Fi to access data.

However, Jamf researchers discovered clever tricks to separate appearance from reality. Firstly, they intercepted the API call triggered by tapping on the airplane icon, so that the iPhone logs made it appear as if the device was in airplane mode, while the hijacked system call turned off only Wi-Fi and left the mobile network on. This allowed any app authorized to use mobile data to continue accessing the internet. Secondly, they reconfigured the browser (Safari, in their tests) so that this app alone, rather than the entire device, was blocked from using mobile data connections. To further deceive users, they intercepted the “mobile data is turned off” dialog and replaced it with an “airplane mode is on” notification. Lastly, they dimmed the mobile data icon to give the false impression that it was disabled, even though it remained active.

What to Do?

The researchers found that these tricks only worked when changes were made via the Control Center screen. If users go directly to the Settings page, the misrepresentation of the device’s connectivity is no longer possible. The Airplane Mode setting and its impact on Wi-Fi, Bluetooth, and Mobile Data settings can be accurately controlled and verified from the Settings page.

It is important for users to remember that a simple connection test with their browser might not always provide the truth. Instead, they should check directly on the Settings page to ensure their device is truly disconnected from the internet. While it is theoretically possible for a determined attacker with powerful malware to interfere with the Settings page, the Jamf research did not identify a practical way to achieve this.

Conclusion

This discovery by Jamf highlights the need for users to be vigilant about their device’s connectivity and to not blindly trust visual clues or notifications. It also raises concerns about the potential for attackers to exploit this deceptive technique through seemingly harmless apps on the App Store. While Apple’s App Store verification process is robust, it is not foolproof. Users should exercise caution when downloading and using apps, even from trusted sources.

To stay safe from such attacks, it is crucial to keep devices updated with the latest security patches and to practice good cybersecurity hygiene. Regularly checking the Settings page and being mindful of unusual behavior on the device can help identify potential threats. Additionally, users should consider installing reputable security software to provide an extra layer of protection against malware and malicious apps.
